-3

Basically I have a table which has a number as it's name. I want to extract data from the table on a given line.

The table has 3 columns postID, text and date

i can extract data from the table if i enter the table number into the query, e.g with a table number 1

mysql_query("SELECT text FROM `1` WHERE postID = 3");

however what i want to be able to do is set 1 to be a vairable call $post_id (which i already have set up) so the code looks something like this:

mysql_query("SELECT text FROM $user_id WHERE postID = 3");

hope this question is pretty straight forward and i haven't waffled to much

Gordon Linoff
  • 1,242,037
  • 58
  • 646
  • 786
TomJ
  • 424
  • 3
  • 14
  • http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – Pakspul Apr 30 '14 at 13:27
  • Removed the SQL Server tag because the question is obviously about MySQL. – Gordon Linoff Apr 30 '14 at 13:28
  • 1
    This doesn't even make sense, you changed the table you're picking from, not the postID. That's bad. Google normalization - you don't need a table for each user. If you're using mysql, check out the mysqli library for PHP, and prepared statements. – Jessica Apr 30 '14 at 13:28
  • 5
    You should _really_ not have a table with posts per user. What if you want the 10 latest posts system wide? – Joachim Isaksson Apr 30 '14 at 13:28
  • 1
    Basically you have a sub-optimal database design. Normalizing it will make a lot of things, including this problem a lot easier. If you don't know what that means, I've heard good things about the book, Database Design for Mere Mortals. – Dan Bracuk Apr 30 '14 at 13:29
  • Would it be better to have one table for all posts and have a column for the user and the post? That way all the data would be in one table. I apologise for my ignorance i'm new to this. – TomJ Apr 30 '14 at 21:33

1 Answers1

0

You should use msqli it is more saver.

But you can use "SELECT text FROM ".$somevariable." WHERE postID = 3"

Babidi
  • 74
  • 12
  • That's it. Make sure there are no sql code fragments in $user_id, that'd be the spot for code injection and/or use mysqli as mentioned. Aside from that the mysqli_query takes simply a string as arguement, so you can add in your variables with concats. – user3154108 Apr 30 '14 at 13:34